Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

metrics-for-apps: Adding inventory/groupvars/changes for ocp prod

Browse source 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
This commit is contained in:
David Kirwan 2021-08-30 13:12:45 +09:00 committed by dkirwan
parent 52dadb7d0d
commit 9f39d76e2c
17 changed files with 570 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

6
inventory/group_vars/all
View file

@ -275,6 +275,12 @@ os_wildcard_crt_file: wildcard-2021.app.os.fedoraproject.org.cert
os_wildcard_key_file: wildcard-2021.app.os.fedoraproject.org.key
os_wildcard_int_file: wildcard-2021.app.os.fedoraproject.org.intermediate.cert
# This is the openshift wildcard cert for ocp
ocp_wildcard_cert_name: wildcard-2021.apps.ocp.fedoraproject.org
ocp_wildcard_cert_file: wildcard-2021.apps.ocp.fedoraproject.org.cert
ocp_wildcard_key_file: wildcard-2021.apps.ocp.fedoraproject.org.key
ocp_wildcard_int_file: wildcard-2021.apps.ocp.fedoraproject.org.intermediate.cert
# Everywhere, always, we should sign messages and validate signatures.
# However, we allow individual hosts and groups to override this. Use this very
# carefully.. and never in production (good for testing stuff in staging).

8
inventory/group_vars/ocp Normal file
View file

@ -0,0 +1,8 @@
---
rhcos_version: 4.8.2
ocp4: true
vpn: false
nagios_Check_Services:
swap: false
nrpe: false
mail: false

11
inventory/group_vars/proxies
View file

@ -124,3 +124,14 @@ openshift_nodes:
- os-node01.vpn.fedoraproject.org
- os-node02.vpn.fedoraproject.org
- os-node03.vpn.fedoraproject.org
ocp_masters:
- bootstrap.ocp.iad2.fedoraproject.org
- ocp01.ocp.iad2.fedoraproject.org
- ocp02.ocp.iad2.fedoraproject.org
- ocp03.ocp.iad2.fedoraproject.org
ocp_nodes:
- worker01.ocp.iad2.fedoraproject.org
- worker02.ocp.iad2.fedoraproject.org
- worker03.ocp.iad2.fedoraproject.org

4
inventory/group_vars/proxies_stg
View file

@ -121,13 +121,13 @@ openshift_nodes:
- os-node03.stg.iad2.fedoraproject.org
- os-node04.stg.iad2.fedoraproject.org
ocp_masters:
ocp_masters_stg:
# - bootstrap.ocp.stg.iad2.fedoraproject.org
- ocp01.ocp.stg.iad2.fedoraproject.org
- ocp02.ocp.stg.iad2.fedoraproject.org
- ocp03.ocp.stg.iad2.fedoraproject.org
ocp_nodes:
ocp_nodes_stg:
- worker01.ocp.stg.iad2.fedoraproject.org
- worker02.ocp.stg.iad2.fedoraproject.org
- worker03.ocp.stg.iad2.fedoraproject.org

60
inventory/host_vars/bootstrap.ocp.iad2.fedoraproject.org Normal file
View file

@ -0,0 +1,60 @@
---
freezes: false
datacenter: iad2
vmhost: vmhost-x86-04.iad2.fedoraproject.org,
volgroup: /dev/vg_guests
lvm_size: 120g
mem_size: 16384
max_mem_size: 16384
num_cpus: 4
dns1: 10.3.163.33
dns2: 10.3.163.34
dns_search1: "iad2.fedoraproject.org"
dns_search3: "fedoraproject.org"
has_ipv4: yes
eth0_ipv4: 10.3.163.126
eth0_ipv4_nm: 24
eth0_ipv4_gw: 10.3.163.254
eth0_ip: "{{eth0_ipv4}}"
nm: 255.255.255.0
gw: "{{ eth0_ipv4_gw }}"
dns: "{{ dns1 }}"
mac0: "{{ ansible_default_ipv4.macaddress }}"
rhcos_ignition_file_url: "http://10.3.163.65/rhcos/bootstrap.ign"
rhcos_install_img_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz"
rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img"
rhcos_install_url: "http://10.3.163.65/rhcos/"
virt_install_command: "{{ virt_install_command_pxe_rhcos }}"
network_connections:
- name: eth0
mac: "{{ mac0 }}"
state: up
type: ethernet
autoconnect: yes
ip:
address:
- "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
gateway4: "{{ eth0_ipv4_gw }}"
dns:
- "{{ dns1 }}"
- "{{ dns2 }}"
dns_search:
- "{{ dns_search1 }}"
- "{{ dns_search2 }}"
- "{{ dns_search3 }}"
dhcp4: no
auto6: no
vpn: true
nrpe_procs_warn: 1200
nrpe_procs_crit: 1400

60
inventory/host_vars/ocp01.ocp.iad2.fedoraproject.org Normal file
View file

@ -0,0 +1,60 @@
---
freezes: false
datacenter: iad2
vmhost: vmhost-x86-04.iad2.fedoraproject.org,
volgroup: /dev/vg_guests
lvm_size: 120g
mem_size: 16384
max_mem_size: 16384
num_cpus: 4
dns1: 10.3.163.33
dns2: 10.3.163.34
dns_search1: "iad2.fedoraproject.org"
dns_search3: "fedoraproject.org"
has_ipv4: yes
eth0_ipv4: 10.3.163.120
eth0_ipv4_nm: 24
eth0_ipv4_gw: 10.3.163.254
eth0_ip: "{{eth0_ipv4}}"
nm: 255.255.255.0
gw: "{{ eth0_ipv4_gw }}"
dns: "{{ dns1 }}"
mac0: "{{ ansible_default_ipv4.macaddress }}"
rhcos_ignition_file_url: "http://10.3.163.65/rhcos/controlplane.ign"
rhcos_install_img_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz"
rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img"
rhcos_install_url: "http://10.3.163.65/rhcos/"
virt_install_command: "{{ virt_install_command_pxe_rhcos }}"
network_connections:
- name: eth0
mac: "{{ mac0 }}"
state: up
type: ethernet
autoconnect: yes
ip:
address:
- "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
gateway4: "{{ eth0_ipv4_gw }}"
dns:
- "{{ dns1 }}"
- "{{ dns2 }}"
dns_search:
- "{{ dns_search1 }}"
- "{{ dns_search2 }}"
- "{{ dns_search3 }}"
dhcp4: no
auto6: no
vpn: true
nrpe_procs_warn: 1200
nrpe_procs_crit: 1400

60
inventory/host_vars/ocp02.ocp.iad2.fedoraproject.org Normal file
View file

@ -0,0 +1,60 @@
---
freezes: false
datacenter: iad2
vmhost: vmhost-x86-05.iad2.fedoraproject.org,
volgroup: /dev/vg_guests
lvm_size: 120g
mem_size: 16384
max_mem_size: 16384
num_cpus: 4
dns1: 10.3.163.33
dns2: 10.3.163.34
dns_search1: "iad2.fedoraproject.org"
dns_search3: "fedoraproject.org"
has_ipv4: yes
eth0_ipv4: 10.3.163.121
eth0_ipv4_nm: 24
eth0_ipv4_gw: 10.3.163.254
eth0_ip: "{{eth0_ipv4}}"
nm: 255.255.255.0
gw: "{{ eth0_ipv4_gw }}"
dns: "{{ dns1 }}"
mac0: "{{ ansible_default_ipv4.macaddress }}"
rhcos_ignition_file_url: "http://10.3.163.65/rhcos/controlplane.ign"
rhcos_install_img_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz"
rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img"
rhcos_install_url: "http://10.3.163.65/rhcos/"
virt_install_command: "{{ virt_install_command_pxe_rhcos }}"
network_connections:
- name: eth0
mac: "{{ mac0 }}"
state: up
type: ethernet
autoconnect: yes
ip:
address:
- "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
gateway4: "{{ eth0_ipv4_gw }}"
dns:
- "{{ dns1 }}"
- "{{ dns2 }}"
dns_search:
- "{{ dns_search1 }}"
- "{{ dns_search2 }}"
- "{{ dns_search3 }}"
dhcp4: no
auto6: no
vpn: true
nrpe_procs_warn: 1200
nrpe_procs_crit: 1400

60
inventory/host_vars/ocp03.ocp.iad2.fedoraproject.org Normal file
View file

@ -0,0 +1,60 @@
---
freezes: false
datacenter: iad2
vmhost: vmhost-x86-06.iad2.fedoraproject.org,
volgroup: /dev/vg_guests
lvm_size: 120g
mem_size: 16384
max_mem_size: 16384
num_cpus: 4
dns1: 10.3.163.33
dns2: 10.3.163.34
dns_search1: "iad2.fedoraproject.org"
dns_search3: "fedoraproject.org"
has_ipv4: yes
eth0_ipv4: 10.3.163.122
eth0_ipv4_nm: 24
eth0_ipv4_gw: 10.3.163.254
eth0_ip: "{{eth0_ipv4}}"
nm: 255.255.255.0
gw: "{{ eth0_ipv4_gw }}"
dns: "{{ dns1 }}"
mac0: "{{ ansible_default_ipv4.macaddress }}"
rhcos_ignition_file_url: "http://10.3.163.65/rhcos/controlplane.ign"
rhcos_install_img_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz"
rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img"
rhcos_install_url: "http://10.3.163.65/rhcos/"
virt_install_command: "{{ virt_install_command_pxe_rhcos }}"
network_connections:
- name: eth0
mac: "{{ mac0 }}"
state: up
type: ethernet
autoconnect: yes
ip:
address:
- "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
gateway4: "{{ eth0_ipv4_gw }}"
dns:
- "{{ dns1 }}"
- "{{ dns2 }}"
dns_search:
- "{{ dns_search1 }}"
- "{{ dns_search2 }}"
- "{{ dns_search3 }}"
dhcp4: no
auto6: no
vpn: true
nrpe_procs_warn: 1200
nrpe_procs_crit: 1400

57
inventory/host_vars/worker01.ocp.iad2.fedoraproject.org Normal file
View file

@ -0,0 +1,57 @@
---
freezes: true
datacenter: iad2
arch: x86_64
dns1: 10.3.163.33
dns2: 10.3.163.34
dns_search1: "iad2.fedoraproject.org"
dns_search3: "fedoraproject.org"
has_ipv4: yes
eth0_ipv4: 10.3.163.123
eth0_ipv4_nm: 24
eth0_ipv4_gw: 10.3.163.254
eth0_ip: "{{eth0_ipv4}}"
nm: 255.255.255.0
gw: "{{ eth0_ipv4_gw }}"
dns: "{{ dns1 }}"
pxe_bootdev: eno34
install_dev: /dev/sda
mac0: "68:05:CA:CE:A3:C9"
rhcos_install_img_url: "http://10.3.163.165/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz"
rhcos_install_url: "http://10.3.163.65/rhcos/"
rhcos_kernel_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64"
rhcos_initrd_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img"
rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img"
rhcos_ignition_file_url: "http://10.3.163.65/rhcos/worker.ign"
network_connections:
- name: eth0
mac: "{{ mac0 }}"
state: up
type: ethernet
autoconnect: yes
ip:
address:
- "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
gateway4: "{{ eth0_ipv4_gw }}"
dns:
- "{{ dns1 }}"
- "{{ dns2 }}"
dns_search:
- "{{ dns_search1 }}"
- "{{ dns_search2 }}"
- "{{ dns_search3 }}"
dhcp4: no
auto6: no
vpn: true
nrpe_procs_warn: 1200
nrpe_procs_crit: 1400

57
inventory/host_vars/worker02.ocp.iad2.fedoraproject.org Normal file
View file

@ -0,0 +1,57 @@
---
freezes: true
datacenter: iad2
arch: x86_64
dns1: 10.3.163.33
dns2: 10.3.163.34
dns_search1: "iad2.fedoraproject.org"
dns_search3: "fedoraproject.org"
has_ipv4: yes
eth0_ipv4: 10.3.163.124
eth0_ipv4_nm: 24
eth0_ipv4_gw: 10.3.163.254
eth0_ip: "{{eth0_ipv4}}"
nm: 255.255.255.0
gw: "{{ eth0_ipv4_gw }}"
dns: "{{ dns1 }}"
pxe_bootdev: eno33
install_dev: /dev/sda
mac0: "68:05:CA:CE:A2:90"
rhcos_install_img_url: "http://10.3.163.165/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz"
rhcos_install_url: "http://10.3.163.65/rhcos/"
rhcos_kernel_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64"
rhcos_initrd_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img"
rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img"
rhcos_ignition_file_url: "http://10.3.163.65/rhcos/worker.ign"
network_connections:
- name: eth0
mac: "{{ mac0 }}"
state: up
type: ethernet
autoconnect: yes
ip:
address:
- "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
gateway4: "{{ eth0_ipv4_gw }}"
dns:
- "{{ dns1 }}"
- "{{ dns2 }}"
dns_search:
- "{{ dns_search1 }}"
- "{{ dns_search2 }}"
- "{{ dns_search3 }}"
dhcp4: no
auto6: no
vpn: true
nrpe_procs_warn: 1200
nrpe_procs_crit: 1400

57
inventory/host_vars/worker03.ocp.iad2.fedoraproject.org Normal file
View file

@ -0,0 +1,57 @@
---
freezes: true
datacenter: iad2
arch: x86_64
dns1: 10.3.163.33
dns2: 10.3.163.34
dns_search1: "iad2.fedoraproject.org"
dns_search3: "fedoraproject.org"
has_ipv4: yes
eth0_ipv4: 10.3.163.125
eth0_ipv4_nm: 24
eth0_ipv4_gw: 10.3.163.254
eth0_ip: "{{eth0_ipv4}}"
nm: 255.255.255.0
gw: "{{ eth0_ipv4_gw }}"
dns: "{{ dns1 }}"
pxe_bootdev: eno33
install_dev: /dev/sda
mac0: "68:05:CA:CE:A7:4C"
rhcos_install_img_url: "http://10.3.163.165/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz"
rhcos_install_url: "http://10.3.163.65/rhcos/"
rhcos_kernel_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64"
rhcos_initrd_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img"
rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img"
rhcos_ignition_file_url: "http://10.3.163.65/rhcos/worker.ign"
network_connections:
- name: eth0
mac: "{{ mac0 }}"
state: up
type: ethernet
autoconnect: yes
ip:
address:
- "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
gateway4: "{{ eth0_ipv4_gw }}"
dns:
- "{{ dns1 }}"
- "{{ dns2 }}"
dns_search:
- "{{ dns_search1 }}"
- "{{ dns_search2 }}"
- "{{ dns_search3 }}"
dhcp4: no
auto6: no
vpn: true
nrpe_procs_warn: 1200
nrpe_procs_crit: 1400

23
inventory/inventory
View file

@ -1054,6 +1054,29 @@ osbs_nodes_stg
osbs_aarch64_masters_stg
osbs_aarch64_nodes_stg
[ocp:children]
os_control
ocp_controlplane
ocp_workers
ocp_boostrap
[ocp_vms:children]
ocp_boostrap
ocp_controlplane
[ocp_controlplane]
ocp01.ocp.iad2.fedoraproject.org
ocp02.ocp.iad2.fedoraproject.org
ocp03.ocp.iad2.fedoraproject.org
[ocp_workers]
worker01.ocp.iad2.fedoraproject.org
worker02.ocp.iad2.fedoraproject.org
worker03.ocp.iad2.fedoraproject.org
[ocp_boostrap]
bootstrap.ocp.iad2.fedoraproject.org
[ocp_stg:children]
os_control_stg
ocp_controlplane_stg

6
playbooks/include/proxies-certificates.yml
View file

@ -48,6 +48,12 @@
tags:
- app.os.fedoraproject.org
- role: httpd/certificate
certname: wildcard-2021.apps.ocp.fedoraproject.org
SSLCertificateChainFile: wildcard-2021.apps.fedoraproject.org.intermediate.cert
tags:
- apps.ocp.fedoraproject.org
- role: httpd/certificate
certname: getfedora.org
SSLCertificateChainFile: getfedora.org.intermediate.cert

28
playbooks/include/proxies-reverseproxy.yml
View file

@ -628,7 +628,7 @@
balancer_name: ocp
targettype: openshift
ocp4: true
balancer_members: "{{ ocp_nodes }}"
balancer_members: "{{ ocp_nodes_stg }}"
keephost: true
tags:
- ocp.fedoraproject.org
@ -640,12 +640,36 @@
balancer_name: apps-ocp
targettype: openshift
ocp4: true
balancer_members: "{{ ocp_nodes }}"
balancer_members: "{{ ocp_nodes_stg }}"
keephost: true
tags:
- apps.ocp.fedoraproject.org
when: env == "staging"
- role: httpd/reverseproxy
website: "ocp{{ env_suffix }}.fedoraproject.org"
destname: ocp
balancer_name: ocp
targettype: openshift
ocp4: true
balancer_members: "{{ ocp_nodes }}"
keephost: true
tags:
- ocp.fedoraproject.org
when: env == "production"
- role: httpd/reverseproxy
website: "apps.ocp{{ env_suffix }}.fedoraproject.org"
destname: apps.ocp
balancer_name: apps-ocp
targettype: openshift
ocp4: true
balancer_members: "{{ ocp_nodes }}"
keephost: true
tags:
- apps.ocp.fedoraproject.org
when: env == "production"
- role: httpd/reverseproxy
website: "provision{{ env_suffix }}.fedoraproject.org"
destname: zezere

24
playbooks/include/proxies-websites.yml
View file

@ -712,6 +712,30 @@
- apps.ocp.stg.fedoraproject.org
when: env == "staging"
- role: httpd/website
site_name: ocp.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
# The Connection and Upgrade headers don't work for h2
# So non-h2 is needed to fix websockets.
use_h2: false
tags:
- ocp.fedoraproject.org
when: env == "prod"
- role: httpd/website
site_name: apps.ocp.fedoraproject.org
server_aliases: ["*.apps.ocp.fedoraproject.org", api.apps.ocp.fedoraproject.org]
sslonly: true
cert_name: "{{ocp_wildcard_cert_name}}"
SSLCertificateChainFile: "{{ocp_wildcard_int_file}}"
# The Connection and Upgrade headers don't work for h2
# So non-h2 is needed to fix websockets.
use_h2: false
tags:
- apps.ocp.fedoraproject.org
when: env == "prod"
- role: httpd/website
site_name: registry.fedoraproject.org
server_aliases: [registry.stg.fedoraproject.org registry-no-cdn.fedoraproject.org]

25
roles/dhcp_server/files/dhcpd.conf.noc01.iad2.fedoraproject.org
View file

@ -548,6 +548,31 @@ host centos01 {
option subnet-mask 255.255.255.0;
}
# Production network
host worker01-ocp {
hardware ethernet 68:05:CA:CE:A3:C9;
fixed-address 10.3.163.123;
filename "uefi/grubx64.efi";
next-server 10.3.163.10;
option routers 10.3.163.254;
option subnet-mask 255.255.255.0;
}
host worker02-ocp {
hardware ethernet 68:05:CA:CE:A2:90;
fixed-address 10.3.163.124;
filename "uefi/grubx64.efi";
next-server 10.3.163.10;
option routers 10.3.163.254;
option subnet-mask 255.255.255.0;
}
host worker03-ocp {
hardware ethernet 68:05:CA:CE:A7:4C;
fixed-address 10.3.163.125;
filename "uefi/grubx64.efi";
next-server 10.3.163.10;
option routers 10.3.163.254;
option subnet-mask 255.255.255.0;
}
# Staging network
host worker01-ocp-stg {
hardware ethernet 68:05:CA:CE:A2:AC;

28
roles/haproxy/templates/haproxy.cfg
View file

@ -37,6 +37,34 @@ backend stats-backend
stats enable
stats uri /
{% if env == "production" %}
frontend ocp-masters-kapi
mode tcp
bind 0.0.0.0:6443
default_backend ocp-masters-backend-kapi
backend ocp-masters-backend-kapi
mode tcp
server ocp01.ocp.iad2.fedoraproject.org ocp01.ocp.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check
server ocp02.ocp.iad2.fedoraproject.org ocp02.ocp.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check
server ocp03.ocp.iad2.fedoraproject.org ocp03.ocp.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check
# temp bootstrap node
server bootstrap.ocp.iad2.fedoraproject.org bootstrap.ocp.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check
frontend ocp-masters-machineconfig
mode tcp
bind 0.0.0.0:22623
default_backend ocp-masters-backend-machineconfig
backend ocp-masters-backend-machineconfig
mode tcp
server ocp01.ocp.iad2.fedoraproject.org ocp01.ocp.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check
server ocp02.ocp.iad2.fedoraproject.org ocp02.ocp.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check
server ocp03.ocp.iad2.fedoraproject.org ocp03.ocp.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check
# temp bootstrap node
server bootstrap.ocp.iad2.fedoraproject.org bootstrap.ocp.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check
{% endif %}
{% if env != "production" %}
frontend ocp-masters-kapi
mode tcp